Cybersecurity firm Imperva disclosed a data breach that has exposed sensitive information for some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.
Incapsula, is a CDN service designed to protect customers’ website from all threats and mitigate DDoS attacks essential infrastructure.
Imperva CEO Chris Hylen revealed that the company learned about the incident on August 20, 2019, when it was informed about the data exposure impacting Cloud Web Application Firewall (WAF) product.
“We want to be very clear that this data exposure is limited to our Cloud WAF product.” reads the Hylen’s announcement. “Here is what we know about the situation today:
Laked data included email addresses and hashed and salted passwords for all Cloud WAF customers who registered before 15th September 2017.
Hylen added that for a subset of the Incapsula customers, through September 15, 2017, were exposed API keys and customer-provided SSL certificates.
The company informed global regulatory agencies and launched an investigation of the security breach with the help of outside forensic experts.
“We activated our internal data security response team and protocol, and continue to investigate with the full capacity of our resources how this exposure occurred,” continues the CEO. “We have informed the appropriate global regulatory agencies. We have engaged outside forensic experts.”
Imperva did not share details o the incident, it is still unclear if it was hacked or if the data leak in the result of some misconfigured components in its infrastructure.
“We profoundly regret that this incident occurred and will continue to share updates going forward. In addition, we will share learnings and new best practices that may come from our investigation and enhanced security measures with the broader industry,” the company concludes.
The company urges Cloud WAF users to change their passwords, implement Single Sign-On (SSO), enable two-factor authentication (2FA), generate and upload new SSL certificate, and reset their API keys.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Imperva, data breach)
[adrotate banner=”5″]
[adrotate banner=”13″]
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by…
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
This website uses cookies.